[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 20 21:12:44 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbdac71a by security tracker role at 2023-10-20T20:12:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
+	TODO: check
+CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa  ...)
+	TODO: check
+CVE-2023-5688 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa  ...)
+	TODO: check
+CVE-2023-5687 (Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo ...)
+	TODO: check
+CVE-2023-5686 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
+	TODO: check
+CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in share/se ...)
+	TODO: check
+CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a target dom ...)
+	TODO: check
+CVE-2023-45805 (pdm is a Python package and dependency manager supporting the latest P ...)
+	TODO: check
+CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
+	TODO: check
+CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in Fortinet Fort ...)
+	TODO: check
+CVE-2023-3965 (The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scri ...)
+	TODO: check
+CVE-2023-3962 (The Winters theme for WordPress is vulnerable to Reflected Cross-Site  ...)
+	TODO: check
+CVE-2023-3933 (The Your Journey theme for WordPress is vulnerable to Reflected Cross- ...)
+	TODO: check
+CVE-2023-3487 (An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and ...)
+	TODO: check
+CVE-2023-37824 (Sitolog sitologapplicationconnect v7.8.a and before was discovered to  ...)
+	TODO: check
+CVE-2023-34046 (VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Tim ...)
+	TODO: check
+CVE-2023-34045 (VMware Fusion(13.x prior to 13.5)contains a local privilege escalation ...)
+	TODO: check
+CVE-2023-34044 (VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) ...)
+	TODO: check
 CVE-2023-5090 [x86: KVM: SVM: always update the x2avic msr interception]
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
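Review bot: the 19 entries added at the top of data/CVE/list (CVE-2023-5690 through CVE-2023-34044) all carry only `TODO: check`, so none is yet mapped to a source package or marked NOT-FOR-US. The WordPress plugin and theme entries (CVE-2023-5618, CVE-2023-3965, CVE-2023-3962, CVE-2023-3933) look like candidates for the NOT-FOR-US form this file already uses for WordPress plugins. The entries naming upstream projects, such as radareorg/radare2 (CVE-2023-5686), NagVis (CVE-2023-46287) and Apache Santuario (CVE-2023-44483), should be checked against the archive for a matching source package before they are closed out.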
@@ -1535,6 +1573,7 @@ CVE-2023-27380 (An OS command injection vulnerability exists in the admin.cgi US
 CVE-2023-24479 (An authentication bypass vulnerability exists in the httpd nvram.cgi f ...)
 	NOT-FOR-US: Yifan
 CVE-2023-44981 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
+	{DLA-3624-1}
 	- zookeeper <unfixed> (bug #1054224)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/11/4
 	NOTE: https://github.com/apache/zookeeper/commit/e2070bed85d8b0c98a5a0045bf92421f473c412e (master)
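Review bot: on CVE-2023-44981 the added `{DLA-3624-1}` cross-reference is the only change, and the package line directly below it still reads `- zookeeper <unfixed> (bug #1054224)`. It is worth confirming that the unstable status is still accurate now that an LTS advisory references this CVE, and replacing `<unfixed>` with the fixed version once an upload closes the bug.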
@@ -27366,7 +27405,7 @@ CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick'
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d (ImageMagick 6.9.12-84)
 CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly escape ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.5.  ...)
+CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 o ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 2.6 on Wo ...)
 	NOT-FOR-US: WordPress plugin
@@ -33774,11 +33813,11 @@ CVE-2017-20180 (A vulnerability classified as critical has been found in Zerocoi
 	NOT-FOR-US: Zerocoin libzerocoin
 CVE-2015-10095 (A vulnerability classified as problematic has been found in woo-popup  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2015-10094 (A vulnerability was found in Fastly Plugin up to 0.97. It has been rat ...)
+CVE-2015-10094 (A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1.  ...)
+CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 o ...)
 	NOT-FOR-US: Mark User as Spammer Plugin
-CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It h ...)
+CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on Wo ...)
 	NOT-FOR-US: Qtranslate Slug Plugin
 CVE-2015-10091 (A vulnerability has been found in ByWater Solutions bywater-koha-xslt  ...)
 	NOT-FOR-US: bywater-koha-xslt
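Review bot: the NOT-FOR-US notes in this hunk are inconsistent with each other. CVE-2015-10095 and CVE-2015-10094 use `NOT-FOR-US: WordPress plugin`, while CVE-2015-10093 and CVE-2015-10092 name the individual plugin instead. The refreshed description for CVE-2015-10094 now says "on WordPress" and the one for CVE-2015-10092 is cut off at "on Wo ...", so if the full descriptions confirm the platform, consider normalising the two plugin-named notes to the same form as their neighbours.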
@@ -39376,7 +39415,7 @@ CVE-2023-0785 (A vulnerability classified as problematic was found in SourceCode
 	NOT-FOR-US: SourceCodester Best Online News Portal
 CVE-2023-0784 (A vulnerability classified as critical has been found in SourceCodeste ...)
 	NOT-FOR-US: SourceCodester Best Online News Portal
-CVE-2022-4905 (A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has  ...)
+CVE-2022-4905 (A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordP ...)
 	NOT-FOR-US: UDX Stateless Media Plugin
 CVE-2023-25689 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and ...)
 	NOT-FOR-US: IBM
@@ -45655,7 +45694,7 @@ CVE-2022-4890 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: abhilash1985 PredictApp
 CVE-2021-4313 (A vulnerability was found in NethServer phonenehome. It has been rated ...)
 	NOT-FOR-US: NethServer phonenehome
-CVE-2018-25076 (A vulnerability classified as critical was found in Events Extension.  ...)
+CVE-2018-25076 (A vulnerability classified as critical was found in Events Extension o ...)
 	NOT-FOR-US: BigTree CMS addon
 CVE-2016-15020 (A vulnerability was found in liftkit database up to 2.13.1. It has bee ...)
 	NOT-FOR-US: liftkit database
@@ -46368,8 +46407,8 @@ CVE-2023-23375 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-23373
-	RESERVED
+CVE-2023-23373 (An OS command injection vulnerability has been reported to affect QUSB ...)
+	TODO: check
 CVE-2023-23372
 	RESERVED
 CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...)
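Review bot: CVE-2023-23373 moves from RESERVED to a published description but is left at `TODO: check`. The description is an OS command injection in a product truncated here as "QUSB ...", which is not covered by the `NOT-FOR-US: Microsoft` notes on the entries above it, so it needs its own triage decision from the full description rather than one inferred from the surrounding block.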
@@ -47866,7 +47905,7 @@ CVE-2023-0145 (The Saan World Clock WordPress plugin through 1.8 does not valida
 	NOT-FOR-US: WordPress plugin
 CVE-2017-20167 (A vulnerability, which was classified as problematic, was found in Min ...)
 	NOT-FOR-US: Minichan
-CVE-2016-15017 (A vulnerability has been found in fabarea media_upload and classified  ...)
+CVE-2016-15017 (A vulnerability has been found in fabarea media_upload on TYPO3 and cl ...)
 	NOT-FOR-US: fabarea media_upload
 CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been rated as crit ...)
 	NOT-FOR-US: mapoor voteapp
@@ -48222,7 +48261,7 @@ CVE-2020-36646 (A vulnerability classified as problematic has been found in Medi
 	NOTE: https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 (v0.4.39)
 CVE-2017-20164 (A vulnerability was found in Symbiote Seed up to 6.0.2. It has been cl ...)
 	NOT-FOR-US: Symbiote Seed
-CVE-2016-15014 (A vulnerability has been found in CESNET theme-cesnet up to 1.x and cl ...)
+CVE-2016-15014 (A vulnerability has been found in CESNET theme-cesnet up to 1.x on own ...)
 	NOT-FOR-US: CESNET theme-cesnet
 CVE-2016-15013 (A vulnerability was found in ForumHulp searchresults. It has been rate ...)
 	NOT-FOR-US: ForumHulp
@@ -49117,7 +49156,7 @@ CVE-2022-48217 (The tf_remapper_node component 1.1.1 for Robot Operating System
 	NOT-FOR-US: ROS tf_remapper_node
 CVE-2022-48216 (Uniswap Universal Router before 1.1.0 mishandles reentrancy. This woul ...)
 	NOT-FOR-US: Uniswap Universal Router
-CVE-2020-36639 (A vulnerability has been found in AlliedModders AMX Mod X and classifi ...)
+CVE-2020-36639 (A vulnerability has been found in AlliedModders AMX Mod X on Windows a ...)
 	NOT-FOR-US: AlliedModders AMX Mod X
 CVE-2019-25094 (A vulnerability, which was classified as problematic, was found in inn ...)
 	NOT-FOR-US: innologi appointments Extension
@@ -49488,7 +49527,7 @@ CVE-2022-4866 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos
 	NOT-FOR-US: usememos
 CVE-2022-4865 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
 	NOT-FOR-US: usememos
-CVE-2017-20159 (A vulnerability was found in rf Keynote up to 0.x. It has been rated a ...)
+CVE-2017-20159 (A vulnerability was found in rf Keynote up to 0.x on Rails. It has bee ...)
 	NOT-FOR-US: rf Keynote
 CVE-2017-20158 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yi ...)
 	NOT-FOR-US: vova07 Yii2 FileAPI Widget



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbdac71a7423b5de61183da9d6f6c17a1afafaed
